
Wednesday, 11 July 2018

Facebook fakes

It was recently noticed that there are a lot of fake accounts on Facebook.

These were set up several years ago - perhaps Facebook was less discerning then? They have the following characteristics in common. We see them when they try to join a group.

All claim to be in the USA
The account was set up several years ago, and contains two posts, one to set up the profile picture, and one to set up the banner. Then nothing for several years.
Many of them are an attractive woman in an attractive pose.
Others are an attractive man.
Many of them are members of several other groups with related subjects.

What is the purpose of these accounts, and the purpose of joining a group? Nothing good, I fear. By joining the group, they get better access to the members of that group. And here's what I've seen happen ...

The person offers to friend you. If you accept, then you later on get an invitation to a page, which is for a different person.

Reporting this to Facebook seems to have no effect.

How widespread is this?

I'm seeing more fakes than genuine people. That's a big deal. Is it possible that Facebook has less than half of the accounts that it claims?

Monday, 9 July 2018

Bojo bails

David Davis, Minister for Brexit, has left the cabinet over the latest Theresa May proposal, supposedly agreed at Chequers.

Boris Johnson has followed suit.

I feel like I'm on the Titanic, and the crew hasn't merely given up on trying to save the ship or organise an orderly evacuation to lifeboats.

No. Half the staff have decided that now is the time to make more holes in the ship, and the other half have decided to shoot themselves in the foot.

So what now?

Can the May government survive this revolt? Is a leadership contest in the offing? Can Boris hold his nose and ally with Gove? Will Andrea Loathsome raise her hand? Will the Honourable Rees-Mogg indicate graciously that if asked to serve, he would not decline?

Dum de dum de dum de dum, dum de dum de dum dum ...



Bye bye Twitter

I just deleted my Twitter account. I've never used it apart from a few testing tweets. So it's just a database waiting to be hacked.

I only hope they delete my details.

Friday, 29 June 2018

PCI DSS

People following this blog have been reading about the various hurdles I've had to jump in order to become, and remain, PCI DSS compliant.

I used to have to fill in a huge form each year, with a couple of hundred questions. And then, every three months, they would test my server to check that it was secure to their exacting standards. And if it failed (which happened whenever a new threat emerged, like "Poodle" or "Heartbleed"), I'd have to work out why, and make changes to the version of Apache, or the version of OpenSSL, or to the configuration, or whatever.

Well, all that has completely changed!

Last week, I got a letter from Barclays, telling me that if I didn't get PCI DSS compliant by September, it would cost me an extra 0.3% per transaction. "Oh dear," I thought, then I realised that this might put up the amount I pay them by about 5%. And that's the worst case scenario!

So I stopped worrying, and filled in their online form, which I was surprised to discover was only about a dozen simple questions. Then I waited a week while they got around to processing it.

Today, I got the phone call. I was asked several questions, which duplicated the questions I'd already filled in, and I don't know why they did that. And then the lady on the call said "That's fine, you're compliant for a year." "What about the quarterly security test?" I asked. "No need," she said.

So I went to the Barclays web site, and sure enough, I'm compliant until this time next year.

They've abolished the server test.

My server tests out as A+ on the Qualys test, so I'm not worried about that. But this means that they've abolished the server test for other people too, and I don't know how many others.

Why?

Have they stopped caring about computer security? Surely not.

Friday, 22 June 2018

Spam from China

In my de-spammer, I have a category of email I call "non-roman". This is all email in alphabets that I cannot read. Maybe it's spam, maybe it isn't, but if I can't read it, I'll never know.

In the last week or so, there has been a huge rise in spam in Chinese. This is only part of what arrived in the last several hours. Over the same time period, there were only 24 spams that weren't in Chinese.
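One way a "non-roman" category like the one described above could be decided, as an added example that is not the de-spammer used on this blog: decode the Subject and text parts, then measure what share of the letters fall outside the Latin script. The 0.5 threshold, the function names and the two sample messages are assumptions constructed for the illustration.

```python
import unicodedata
from email import message_from_bytes
from email.header import Header, decode_header, make_header


def non_latin_ratio(text):
    """Fraction of alphabetic characters that are not Latin-script letters."""
    letters = [ch for ch in text if ch.isalpha()]
    if not letters:
        return 0.0
    foreign = [ch for ch in letters if "LATIN" not in unicodedata.name(ch, "")]
    return len(foreign) / len(letters)


def visible_text(msg):
    """Decoded Subject plus the decoded body of every text/* part."""
    chunks = [str(make_header(decode_header(msg.get("Subject", ""))))]
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
        except LookupError:  # sender used a charset label Python does not know
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def classify(raw, threshold=0.5):
    """Return 'non-roman' when most letters are outside the Latin script."""
    ratio = non_latin_ratio(visible_text(message_from_bytes(raw)))
    return "non-roman" if ratio >= threshold else "roman"


def make_sample(subject, body):
    """Build a constructed raw message with an RFC 2047 encoded Subject."""
    head = (f"Subject: {Header(subject, 'utf-8').encode()}\r\n"
            "Content-Type: text/plain; charset=utf-8\r\n"
            "Content-Transfer-Encoding: 8bit\r\n\r\n")
    return head.encode("ascii") + body.encode("utf-8")


# Constructed samples, not real mail.
SAMPLE_CN = make_sample("你好", "这是一封测试邮件 ABC")
SAMPLE_FR = make_sample("Réunion", "Café à midi, s'il vous plaît")

if __name__ == "__main__":
    for name, raw in (("cn", SAMPLE_CN), ("fr", SAMPLE_FR)):
        print(name, classify(raw))
```

HTML parts are counted with their markup, which pulls the ratio towards "roman"; strip tags first if HTML-only mail matters.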


Monday, 11 June 2018

IPv6

IPv4 is the old familiar Internet Protocol. You get addresses like 12.34.56.121, four numbers in the range 0 to 255. That means there are 2 to the power 32 possible IP addresses.

When this was designed, that sounded like a lot, enough for indefinite use. This is 4 billion addresses, which is enough for half the people on the planet. Plenty, yes? No. They didn't anticipate the huge popularity of the internet, and it turns out that these 4 billion addresses are not enough. And there is an IP address shortage.

Enter IPv6

This consists of eight numbers instead of four. Which is 16 billion billion addresses. And that should be enough for a long time.

But.

Everyone uses IPv4 today. And people keep saying "We have to move to IPv6" because we've run out of IPv4 addresses.

And they've been saying that for seven years now.

So today, I decided to start making a move. Step one, talk to TalkTalk, to get some IPv6 addresses, and for them to route them to my connection. So I contacted TalkTalk.

Huh.

They don't do IPv6. In April 2017, their Chief Operating Officer said that they will in future. But in the 14 months since then, there's been a deafening silence. And when I asked their tech people, they said they don't do IPv6 and didn't know when they might.

So I explained that when my contract comes up for renewal, the existence of IPv6 support will definitely be a factor in which service provider I choose.

I can't believe that they haven't done this yet.

Saturday, 2 June 2018

Barclays Merchant Services, and VAT

Six months ago, BMS (Barclays Merchant Services) changed over to a new accounting system. So when the first new bill arrived, in a totally different format from the old bill, I compared the old with the new, and I found a major discrepancy. Previously, they had been charging me £50-£60 VAT each month. Suddenly, the VAT number was £5.

So I called them up. Either the old figure was inflated, or the new figure was too low. It took them about six months to look into it, and eventually, I got a nice refund from them.

I wondered, then, what they would do about all their other customers. Now I know. I just got a form letter from them, explaining about this.

This blunder must have cost them a lot.